Hacking fines

Sony has been fined £250,000 for failure to prevent hacking on Sony’s PlayStation Network Platform. Following several denial of service attacks the Sony platform was hacked in April 2011. Personal information of millions of customers was accessed, including their names, addresses, dates of birth, account passwords and payment card details. The Information Commissioner’s Office considered this a serious contravention of the Data Protection Act because appropriate measures had not been taken against unauthorised or unlawful processing of personal data and against accidental loss, destruction or damage to personal data. The amount of the fine took into account aggravating features: failure to put technical measures in place or anticipate further attacks and to take prompt security measures. In mitigation, Sony had been subject to a focused and determined criminal attack and, even though it should have been anticipated, Sony had voluntarily report the breach.